cisco & krb5
Sam Hartman
hartmans at MIT.EDU
Wed Mar 24 14:19:18 EST 2004
>>>>> "Mihai" == Mihai RUSU <dizzy at roedu.net> writes:
Mihai> Hi I am testing cisco switch authentication configuration
Mihai> with kerberos v5 server. I succeded in auth against
Mihai> kerberos only if the server "key" is des-cbc-crc. If I have
Mihai> a key both des-cbc-crc and des3-hmac-sha1 it doesnt seem to
Mihai> work. I will investigate this also on the cisco side (if it
Mihai> can be made to use des3-hmac-sha1 keys) but while Im doing
Mihai> that I also wanted to know how can I add key entries to a
Mihai> keytab file (which I send it to the cisco router for his
Mihai> own auth) only of one key type ? If the generated key for a
Mihai> principal is both des3-hmac-sha1 and des-cbc-crc it seems
Mihai> that ktadd adds them both to the keytab file. I would need
Mihai> a solution to add only des-cbc-crc or a solution to delete
Mihai> one of the keys of the same principal in a keytab file.
Try
ktadd -e des-cbc-crc:normal principalname
More information about the Kerberos
mailing list